| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Festplatte beschädigt. Schwarzer Bildschirm.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.04.2011, 11:32
| #1 |
 |  Festplatte beschädigt. Schwarzer Bildschirm. Hallo zusammen, gestern Abend tauchte plötzlich die Meldung "Festplatte beschädigt. Das System hat ein Problem mit einem oder mehreren installierten IDE / SATA- Festplatten erkannt." Bei Windows Recovery erschien die Meldung "Kritischer Fehler. Beschädigte Festplatten-Cluster gefunden. Private Daten sind in Gefahr" Der Desktop war schwarz und die Ordner waren verschwunden. Dann habe ich OTL und Malewarebytes drüberlaufen lassen und eine Systemwiederherstellung gemacht. Zwar erscheint jetzt wieder mein Desktophintergrund, aber nur einige Ordner und beim Betrachten der Ordner hat sich gezeigt, dass die meisten leer sind. Ich würde mich freuen, wenn mir jemand helfen könnte den Trojaner zu killen  und meine Dateien zu retten.Im Voraus schonmal vielen Dank! Louisa |
|
27.04.2011, 11:34
| #2 |
| | Festplatte beschädigt. Schwarzer Bildschirm. Achso ja, hier die "Antworten" von OTL:
__________________Extras.Txt:OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 27.04.2011 12:13:35 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Louisa\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,60 Gb Total Space | 37,66 Gb Free Space | 27,37% Space Free | Partition Type: NTFS
Computer Name: LOUISA-PC | User Name: Louisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{085EBB76-BD34-4E5C-ADE6-A59FB77FE0BF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{20EF3977-9A99-4D76-96F1-69BF6107A16C}" = lport=137 | protocol=17 | dir=in | app=system |
"{25DC2DA7-1A70-401E-95C4-16588BDACDAD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{39CC7A95-754C-49CC-8AB0-9CA561DD8799}" = rport=445 | protocol=6 | dir=out | app=system |
"{419ABE11-FDBB-4539-B72B-C1EE1D601A46}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{66AE29EA-5401-44FB-A3EC-FCD8F77DEDFD}" = rport=139 | protocol=6 | dir=out | app=system |
"{6A2DB1CF-0059-4792-8E95-B322394C4B01}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7EA742B9-3479-4434-BB3D-A140AB651547}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7FA380C6-5380-425B-975E-6A930F9FFC68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8A7A557C-526C-48D4-818A-E09A0A50C76B}" = rport=138 | protocol=17 | dir=out | app=system |
"{9273A07D-B510-4584-95D1-1D5320223029}" = lport=2869 | protocol=6 | dir=in | app=system |
"{98381206-8CC1-4592-BB75-60ECA959F992}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BA7F3917-0C9E-418F-AAA8-F0E847DFE06D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C8B2BF9C-3C2A-4A1C-8AB3-052BCD1805A0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D12B4347-9D36-4EBA-AC3F-60863D9E25CF}" = lport=138 | protocol=17 | dir=in | app=system |
"{D3A8E24F-4761-423E-BD26-E4E6B2F67401}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EEE35C88-4384-4BE7-8FF2-389B5846E349}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F18BDAF8-3ACE-4610-AF9D-4E10B2D552BF}" = lport=139 | protocol=6 | dir=in | app=system |
"{F655342D-A979-444B-A13D-86DAF1356526}" = rport=137 | protocol=17 | dir=out | app=system |
"{F6A8E882-BB05-45D8-BD73-1A700FE23F92}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19A0882E-2411-4949-BB4E-1050682B9795}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2646726F-2ADE-4BCC-B80A-ACC141DEEF2C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{43AA30DE-6A05-40EC-BDD5-50CA06F75611}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4615D4D5-24AE-4634-943E-6E80B1019A74}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{591E6C96-C5E4-40C4-9B87-7F1BAD49F0FA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AA1A3070-C0F1-4136-AC2B-92F1BCCAD2C2}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{C39380DB-B074-4D58-9244-A64722C67B19}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C6D08AF9-6EF3-4AC8-A401-EBC9777F84FE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D512292B-24E6-48AB-94C4-5D6D77C4FF56}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EEB77915-FB78-404B-AC36-8D4BBF7E769B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{77C2C2B7-D9AF-4CA6-8A9F-EA332455880C}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{A30766E4-2CFC-4D2C-9AC0-A3F251825435}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{B2838EEE-F79A-4B1F-AAD5-6416F995D672}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{B5D3EAFD-2A24-44E7-ADB8-AD535B9796F1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C28C28AF-30D3-4BC3-9DF4-A391BE60B0BE}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{D16058CA-E73A-4871-AB36-F743D4EEA71A}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{EC04232F-AA3A-454B-BF30-4E19C22AC5F1}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{060EBB9B-4D49-4CBB-B439-CF22ABD6E86E}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{481C1975-6ECE-4A3C-B0AF-FF51CC31181C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{6D3E57C2-6FD5-4583-AF03-BD75C6C52378}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{9658D156-0559-48DC-AE1A-E98ACDF7A7EF}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{AF76AFD1-31C6-4149-B904-0A923DB5F386}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{DE5F0A45-13E3-4023-8BFB-C49CFFC5BDE0}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{FA163DF6-F0FA-445D-B292-256A4D2A4346}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{121A64FD-6D62-40A1-BDE3-F9A590A2B96B}" = Vestel Installer Suite
"{23E8D2D6-F7C8-4A35-816C-6C914EE0A601}" = Citrix Presentation Server Client - Nur Web
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 10
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2E5F8579-12A8-4169-A3EC-688EC7004A00}" = AuthenTec Fingerprint Sensor Minimum Install
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3EBC0693-0A27-4B50-90A1-A8B688911C7A}" = Samsung PC Studio 3
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = USB2.0 1.3M WebCam
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{847CAE64-4CD2-4B2D-AF00-978FF5431031}" = Nero 7 Essentials
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{851367C1-2F9F-4087-B3E8-8DECFE328370}" = The Da Vinci Code
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client DE-DE Language Pack
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDC5BB96-49B4-4C4F-9E2F-B70D2A37C209}" = Böse Nachbarn 2 Demo XS
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E45B30C1-AE47-41E0-83C4-E3EB82688917}" = O2Micro Flash Memory Card Reader Driver Installer(x86)
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}" = Cisco Systems VPN Client 5.0.05.0290
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.17
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"00054 Mathematik für Wirtschaftswissenschaftler II" = 00054 Mathematik für Wirtschaftswissenschaftler II
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Broken Sword 2.5_is1" = Broken Sword 2.5
"Citavi" = Citavi 2.5
"DivX Setup.divx.com" = DivX-Setup
"Episode 104 - Abe Lincoln Must Die!" = Sam and Max - Season One - Episode 104 - Abe Lincoln Must Die!
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Gefeuert Demo" = Gefeuert Demo (remove only)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"NVIDIA Drivers" = NVIDIA Drivers
"PROSetDX" = Intel(R) PRO Network Connections 12.1.12.0
"RealPlayer 6.0" = RealPlayer
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"ScummVM_is1" = ScummVM 0.9.0
"SymSetupTemp.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tomb Raider - The Last Revelation" = Tomb Raider - The Last Revelation
"Tomb Raider III" = Tomb Raider III
"Uninstall_is1" = Uninstall 1.0.0.1
"USB2.0 1.3M WebCam" = USB2.0 1.3M WebCam
"VLC media player" = VLC media player 1.0.1
"Xvid_is1" = Xvid 1.1.3 final uninstall
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 24.04.2010 05:45:50 | Computer Name = Louisa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 25.04.2010 09:29:06 | Computer Name = Louisa-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.1.3726 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 1188 Anfangszeit: 01cae475516ca215 Zeitpunkt der Beendigung:
46
Error - 26.04.2010 15:24:00 | Computer Name = Louisa-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.1.3726 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 900 Anfangszeit: 01cae5730d494076 Zeitpunkt der Beendigung:
11
Error - 28.04.2010 11:14:37 | Computer Name = Louisa-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AcroRd32.exe, Version 8.0.0.456, Zeitstempel
0x453c8fee, fehlerhaftes Modul PDDom.api, Version 8.0.0.456, Zeitstempel 0x453c8928,
Ausnahmecode 0xc0000005, Fehleroffset 0x000089df, Prozess-ID 0x624, Anwendungsstartzeit
01cae6e4f9fbf4df.
Error - 04.05.2010 14:40:14 | Computer Name = Louisa-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AcroRd32.exe, Version 8.0.0.456, Zeitstempel
0x453c8fee, fehlerhaftes Modul PDDom.api, Version 8.0.0.456, Zeitstempel 0x453c8928,
Ausnahmecode 0xc0000005, Fehleroffset 0x000089df, Prozess-ID 0xf98, Anwendungsstartzeit
01caebb5feacceda.
Error - 04.05.2010 15:38:56 | Computer Name = Louisa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 04.05.2010 16:17:14 | Computer Name = Louisa-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AcroRd32.exe, Version 8.0.0.456, Zeitstempel
0x453c8fee, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x00000a35, Prozess-ID 0xd6c, Anwendungsstartzeit
01caebba34b02ba9.
Error - 04.05.2010 16:17:17 | Computer Name = Louisa-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AcroRd32.exe, Version 8.0.0.456, Zeitstempel
0x453c8fee, fehlerhaftes Modul Multimedia.api, Version 8.0.0.456, Zeitstempel 0x453c874b,
Ausnahmecode 0xc0000005, Fehleroffset 0x0008727b, Prozess-ID 0xd6c, Anwendungsstartzeit
01caebba34b02ba9.
Error - 04.05.2010 16:41:44 | Computer Name = Louisa-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AcroRd32.exe, Version 8.0.0.456, Zeitstempel
0x453c8fee, fehlerhaftes Modul PDDom.api, Version 8.0.0.456, Zeitstempel 0x453c8928,
Ausnahmecode 0xc0000005, Fehleroffset 0x000089df, Prozess-ID 0xc4c, Anwendungsstartzeit
01caebca13cc1794.
Error - 04.05.2010 16:41:46 | Computer Name = Louisa-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AcroRd32.exe, Version 8.0.0.456, Zeitstempel
0x453c8fee, fehlerhaftes Modul Multimedia.api, Version 8.0.0.456, Zeitstempel 0x453c874b,
Ausnahmecode 0xc0000005, Fehleroffset 0x0008727b, Prozess-ID 0xc4c, Anwendungsstartzeit
01caebca13cc1794.
[ System Events ]
Error - 14.12.2009 09:37:22 | Computer Name = Louisa-PC | Source = HTTP | ID = 15016
Description =
Error - 14.12.2009 09:37:52 | Computer Name = Louisa-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 14.12.2009 12:14:03 | Computer Name = Louisa-PC | Source = HTTP | ID = 15016
Description =
Error - 14.12.2009 12:14:36 | Computer Name = Louisa-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 14.12.2009 19:12:36 | Computer Name = Louisa-PC | Source = HTTP | ID = 15016
Description =
Error - 15.12.2009 10:18:07 | Computer Name = Louisa-PC | Source = HTTP | ID = 15016
Description =
Error - 15.12.2009 10:18:42 | Computer Name = Louisa-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 15.12.2009 13:36:42 | Computer Name = Louisa-PC | Source = HTTP | ID = 15016
Description =
Error - 15.12.2009 13:37:20 | Computer Name = Louisa-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 16.12.2009 11:47:14 | Computer Name = Louisa-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 16.12.2009 um 01:02:37 unerwartet heruntergefahren.
< End of report >
|
|
27.04.2011, 11:36
| #3 |
| | Festplatte beschädigt. Schwarzer Bildschirm. OTL.Txt:OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 27.04.2011 12:13:35 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Louisa\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 137,60 Gb Total Space | 37,66 Gb Free Space | 27,37% Space Free | Partition Type: NTFS Computer Name: LOUISA-PC | User Name: Louisa | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Louisa\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Programme\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Vestel\Vestel Mobile Utilities\On Screen Display\OSD.exe (Vestel Digital) PRC - C:\Programme\Vestel\Vestel Mobile Utilities\Mobile Utility Button\MobUtil.exe () PRC - C:\Programme\Vestel\Vestel Mobile Utilities\Anti-Theft Sensor\ATApp.exe (Vestel Digital) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Windows\System32\StkCSrv.exe (Syntek America Inc.) PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) PRC - C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) PRC - C:\Programme\O2Micro\o2flash.exe (O2Micro International) PRC - C:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Louisa\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (omniserv) -- C:\Programme\Softex\OmniPass\OmniServ.exe (Softex Inc.) SRV - (StkSSrv) -- C:\Windows\System32\StkCSrv.exe (Syntek America Inc.) SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation) SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation) SRV - (ISPwdSvc) -- C:\Program Files\Norton Internet Security\isPwdSvc.exe (Symantec Corporation) SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (o2flash) -- C:\Program Files\O2Micro\o2flash.exe (O2Micro International) SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation) SRV - (SymAppCore) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation) ========== Driver Services (SafeList) ========== DRV - (MpKsl7e16c9c9) -- File not found DRV - (MpKsl5e8e77eb) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C5D46FE3-9BA1-4FA6-B9B4-25BD6D2D7878}\MpKsl5e8e77eb.sys (Microsoft Corporation) DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (MLowCtl) -- C:\Windows\System32\drivers\MLowCtl.sys () DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (acpihid) -- C:\Windows\System32\drivers\acpihid.sys (Intel Corporation) DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation) DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation) DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (KBFilter) -- C:\Windows\system32\DRIVERS\KBFilter.sys () DRV - (ATDrv) -- C:\Windows\System32\drivers\ATDrv.sys () DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.) DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro ) DRV - (O2MDRDR) -- C:\Windows\system32\DRIVERS\o2media.sys (O2Micro ) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation) DRV - (MTsensor) -- C:\Windows\system32\drivers\asacpi.sys () DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (JGOGO) -- C:\Windows\system32\drivers\jgogo.sys (JMicron ) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2 FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.11.17 01:54:16 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.13 21:29:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.27 11:07:17 | 000,000,000 | ---D | M] [2009.08.11 01:14:15 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Louisa\AppData\Roaming\mozilla\Extensions [2011.04.27 11:58:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Louisa\AppData\Roaming\mozilla\Firefox\Profiles\htzcfom3.default\extensions [2011.04.27 11:07:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Louisa\AppData\Roaming\mozilla\Firefox\Profiles\htzcfom3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(3120) [2011.04.27 11:52:11 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Louisa\AppData\Roaming\mozilla\Firefox\Profiles\htzcfom3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.04.27 11:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.04.27 11:07:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.04.27 11:07:23 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2010.08.26 00:25:35 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF [2010.08.26 00:25:35 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\SSFF [2009.08.11 03:02:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.03.28 18:13:59 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.03.28 18:13:59 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.03.28 18:13:59 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.03.28 18:13:59 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.03.28 18:13:59 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe (Symantec Corporation) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe () O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Louisa\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u10-b92-b/jinstall-6u10-windows-i586-jc.cab?AuthParam=1226922528_de1d55bca6bc29c89c61fb48141ec40d&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD5/JSCDL/jre/6u10-b92-b/jinstall-6u10-windows-i586-jc.cab&File=jinstall-6u10-windows-i586-jc.cab (Java Plug-in 1.6.0_10) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} hxxp://f009.mail.lycos.de/app/uploader/FileUploader.cab (Lycos File Upload Component) O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (ATGINA.DLL) - C:\Windows\System32\ATGina.dll () O24 - Desktop WallPaper: C:\Users\Louisa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Louisa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.27 12:11:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Louisa\Desktop\OTL.exe [2011.04.27 11:20:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Symantec [2011.04.27 11:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011.04.27 11:07:40 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java [2011.04.27 00:30:57 | 000,000,000 | ---D | C] -- C:\Users\Louisa\AppData\Roaming\Malwarebytes [2011.04.27 00:30:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.27 00:30:43 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.04.25 23:43:04 | 000,000,000 | -H-D | C] -- C:\Users\Louisa\Desktop\Libyen [2011.04.17 21:42:42 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.17 21:42:39 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.17 21:42:13 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.17 21:42:11 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.17 21:41:42 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.17 21:41:20 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.17 21:41:20 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.17 21:41:19 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.17 21:41:18 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.17 21:41:18 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2011.04.17 21:41:17 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.17 21:41:04 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.17 21:41:00 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.17 21:40:59 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.14 20:30:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.04.14 20:28:59 | 000,000,000 | ---D | C] -- C:\Programme\iPod [3 C:\Users\Louisa\Desktop\*.tmp files -> C:\Users\Louisa\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.27 12:11:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Louisa\Desktop\OTL.exe [2011.04.27 12:00:16 | 000,349,544 | ---- | M] () -- C:\Users\Louisa\Desktop\SymFix_1002-1.exe [2011.04.27 11:55:14 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CBD08F3E-BC02-4707-8AC6-C08B1E6EC2C0}.job [2011.04.27 11:54:29 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.27 11:54:28 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.27 11:54:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.27 11:54:06 | 2145,452,032 | -HS- | M] () -- C:\hiberfil.sys [2011.04.26 23:18:38 | 000,001,356 | -H-- | M] () -- C:\Users\Louisa\AppData\Local\d3d9caps.dat [2011.04.26 21:30:49 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~43966216r [2011.04.26 21:30:49 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~43966216 [2011.04.26 21:30:41 | 000,000,336 | -H-- | M] () -- C:\ProgramData\43966216 [2011.04.26 20:10:46 | 000,184,846 | -H-- | M] () -- C:\Users\Louisa\AppData\Roaming\nvModes.001 [2011.04.19 14:44:44 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.04.18 19:02:08 | 000,248,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.18 14:01:01 | 000,606,424 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.18 14:01:00 | 000,640,848 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.18 14:01:00 | 000,131,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.18 14:01:00 | 000,108,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.18 11:11:42 | 000,432,185 | -H-- | M] () -- C:\Users\Louisa\Desktop\Preu_DF_Agenda_202010.pdf [2011.04.18 10:48:34 | 001,754,832 | -H-- | M] () -- C:\Users\Louisa\Desktop\007_merkel-soziale gerechtigkeit.pdf [2011.04.14 20:32:01 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2011.04.14 20:30:30 | 000,001,669 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.04.14 20:19:43 | 000,000,629 | ---- | M] () -- C:\Windows\System32\mapisvc.inf [3 C:\Users\Louisa\Desktop\*.tmp files -> C:\Users\Louisa\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.27 11:59:19 | 000,349,544 | ---- | C] () -- C:\Users\Louisa\Desktop\SymFix_1002-1.exe [2011.04.26 23:20:03 | 2145,452,032 | -HS- | C] () -- C:\hiberfil.sys [2011.04.26 21:30:49 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~43966216r [2011.04.26 21:30:48 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~43966216 [2011.04.26 21:30:41 | 000,000,336 | -H-- | C] () -- C:\ProgramData\43966216 [2011.04.18 11:11:42 | 000,432,185 | -H-- | C] () -- C:\Users\Louisa\Desktop\Preu_DF_Agenda_202010.pdf [2011.04.18 10:48:34 | 001,754,832 | -H-- | C] () -- C:\Users\Louisa\Desktop\007_merkel-soziale gerechtigkeit.pdf [2011.04.14 20:32:01 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk [2011.04.14 20:30:30 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.04.14 20:19:43 | 000,000,629 | ---- | C] () -- C:\Windows\System32\mapisvc.inf [2011.02.16 16:24:15 | 000,172,032 | ---- | C] () -- C:\Windows\System32\binkw32.dll [2010.12.01 14:05:56 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.12.01 14:05:55 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.08.26 00:24:50 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.04.01 02:20:54 | 000,000,038 | ---- | C] () -- C:\Windows\wininit.ini [2009.11.19 13:19:19 | 000,000,087 | ---- | C] () -- C:\Windows\SIERRA.INI [2009.11.01 02:26:33 | 000,001,356 | -H-- | C] () -- C:\Users\Louisa\AppData\Local\d3d9caps.dat [2009.09.13 16:22:08 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2009.09.13 16:15:11 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2009.08.25 23:48:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.25 23:48:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.08.14 10:53:30 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssp4ml3.dll [2009.05.11 11:36:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.05.10 11:40:59 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.01.13 11:29:00 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2009.01.12 22:09:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.03.20 01:07:36 | 000,000,094 | -H-- | C] () -- C:\Users\Louisa\AppData\Local\fusioncache.dat [2008.02.28 13:31:59 | 000,000,214 | ---- | C] () -- C:\Windows\scummvm.ini [2008.02.16 02:04:53 | 000,184,846 | -H-- | C] () -- C:\Users\Louisa\AppData\Roaming\nvModes.001 [2008.02.16 00:37:02 | 000,010,240 | ---- | C] () -- C:\Users\Louisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.02.16 00:33:46 | 000,184,846 | -H-- | C] () -- C:\Users\Louisa\AppData\Roaming\nvModes.dat [2007.11.20 07:44:13 | 000,061,440 | ---- | C] () -- C:\Windows\StkUnist.exe [2007.11.15 10:57:38 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2007.10.16 10:23:25 | 000,053,248 | ---- | C] () -- C:\Windows\System32\ATGina.dll [2007.10.16 10:23:24 | 000,014,600 | ---- | C] () -- C:\Windows\System32\drivers\ATDrv.sys [2007.10.16 10:23:24 | 000,011,528 | ---- | C] () -- C:\Windows\System32\drivers\KBFilter.sys [2007.10.16 10:23:22 | 000,014,584 | ---- | C] () -- C:\Windows\System32\drivers\MLowCtl.sys [2007.10.15 16:56:56 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.10.05 22:06:44 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2007.10.05 12:12:48 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2006.11.02 17:33:31 | 000,640,848 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,131,668 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,248,776 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,606,424 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,108,760 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2010.08.02 15:57:58 | 000,000,000 | -H-D | M] -- C:\Users\Louisa\AppData\Roaming\Academic Software Zurich [2011.04.27 11:52:06 | 000,000,000 | ---D | M] -- C:\Users\Louisa\AppData\Roaming\Audacity [2010.11.30 15:26:52 | 000,000,000 | -H-D | M] -- C:\Users\Louisa\AppData\Roaming\Broken Sword 2.5 [2011.04.27 11:50:42 | 000,000,000 | ---D | M] -- C:\Users\Louisa\AppData\Roaming\Canon [2010.08.02 01:34:28 | 000,000,000 | -H-D | M] -- C:\Users\Louisa\AppData\Roaming\DVDVideoSoftIEHelpers [2011.04.27 11:52:06 | 000,000,000 | ---D | M] -- C:\Users\Louisa\AppData\Roaming\ICAClient [2011.02.09 13:41:09 | 000,000,000 | -H-D | M] -- C:\Users\Louisa\AppData\Roaming\ICQ [2011.01.01 17:41:31 | 000,000,000 | -H-D | M] -- C:\Users\Louisa\AppData\Roaming\Need for Speed World [2009.09.13 16:22:21 | 000,000,000 | ---D | M] -- C:\Users\Louisa\AppData\Roaming\Samsung [2009.08.11 01:01:40 | 000,000,000 | -H-D | M] -- C:\Users\Louisa\AppData\Roaming\TheLastRipper [2011.04.19 14:44:58 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.04.27 11:55:14 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CBD08F3E-BC02-4707-8AC6-C08B1E6EC2C0}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B606BA34 < End of report > |
|
02.05.2011, 18:47
| #4 |
| /// Malware-holic   | Festplatte beschädigt. Schwarzer Bildschirm. wer sich selbst antwortet, muss sich nicht wundern :-) die themen tauchen dann nicht mehr als unbeantwortet auf und werden übersehen. poste noch mal neue otl logs bitte
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
02.05.2011, 19:23
| #5 |
| | Festplatte beschädigt. Schwarzer Bildschirm. OTL Logfile: Code:
ATTFilter OTL logfile created on: 02.05.2011 20:18:07 - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Louisa\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 137,60 Gb Total Space | 37,46 Gb Free Space | 27,22% Space Free | Partition Type: NTFS Computer Name: LOUISA-PC | User Name: Louisa | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Louisa\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Vestel\Vestel Mobile Utilities\On Screen Display\OSD.exe (Vestel Digital) PRC - C:\Programme\Vestel\Vestel Mobile Utilities\Mobile Utility Button\MobUtil.exe () PRC - C:\Programme\Vestel\Vestel Mobile Utilities\Anti-Theft Sensor\ATApp.exe (Vestel Digital) PRC - C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Windows\System32\StkCSrv.exe (Syntek America Inc.) PRC - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) PRC - C:\Programme\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) PRC - C:\Programme\O2Micro\o2flash.exe (O2Micro International) PRC - C:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Louisa\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (omniserv) -- C:\Programme\Softex\OmniPass\OmniServ.exe (Softex Inc.) SRV - (StkSSrv) -- C:\Windows\System32\StkCSrv.exe (Syntek America Inc.) SRV - (LiveUpdate) -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation) SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation) SRV - (ISPwdSvc) -- C:\Program Files\Norton Internet Security\isPwdSvc.exe (Symantec Corporation) SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation) SRV - (o2flash) -- C:\Program Files\O2Micro\o2flash.exe (O2Micro International) SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation) SRV - (SymAppCore) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation) ========== Driver Services (SafeList) ========== DRV - (MpKsle039be93) -- File not found DRV - (MpKsle07b449a) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A8979515-94B2-4BC3-A26F-13EF5BEDC9AD}\MpKsle07b449a.sys (Microsoft Corporation) DRV - (MpKsl218ba8ed) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A8979515-94B2-4BC3-A26F-13EF5BEDC9AD}\MpKsl218ba8ed.sys (Microsoft Corporation) DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation) DRV - (MLowCtl) -- C:\Windows\System32\drivers\MLowCtl.sys () DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (acpihid) -- C:\Windows\System32\drivers\acpihid.sys (Intel Corporation) DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation) DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation) DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (KBFilter) -- C:\Windows\system32\DRIVERS\KBFilter.sys () DRV - (ATDrv) -- C:\Windows\System32\drivers\ATDrv.sys () DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.) DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (O2SDRDR) -- C:\Windows\System32\drivers\o2sd.sys (O2Micro ) DRV - (O2MDRDR) -- C:\Windows\system32\DRIVERS\o2media.sys (O2Micro ) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation) DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation) DRV - (MTsensor) -- C:\Windows\system32\drivers\asacpi.sys () DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (JGOGO) -- C:\Windows\system32\drivers\jgogo.sys (JMicron ) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2 FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.11.17 01:54:16 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.13 21:29:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.27 16:43:16 | 000,000,000 | ---D | M] [2009.08.11 01:14:15 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Louisa\AppData\Roaming\mozilla\Extensions [2011.05.02 19:36:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Louisa\AppData\Roaming\mozilla\Firefox\Profiles\htzcfom3.default\extensions [2011.04.27 11:07:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Louisa\AppData\Roaming\mozilla\Firefox\Profiles\htzcfom3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}(3120) [2011.04.27 11:52:11 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Louisa\AppData\Roaming\mozilla\Firefox\Profiles\htzcfom3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.04.27 16:43:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.04.27 16:43:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.04.27 16:43:20 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2010.08.26 00:25:35 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF [2010.08.26 00:25:35 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\SSFF [2009.08.11 03:02:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2011.03.28 18:13:59 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.03.28 18:13:59 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.03.28 18:13:59 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.03.28 18:13:59 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.03.28 18:13:59 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [IS CfgWiz] C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe (Symantec Corporation) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe () O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Louisa\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} Lycos (Lycos File Upload Component) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (ATGINA.DLL) - C:\Windows\System32\ATGina.dll () O24 - Desktop WallPaper: C:\Users\Louisa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Louisa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.27 16:43:14 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2011.04.27 16:43:14 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.04.27 16:43:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.04.27 16:43:14 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.04.27 13:07:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.27 13:07:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.04.27 13:06:38 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Louisa\Desktop\mbam-setup.exe [2011.04.27 12:11:47 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Louisa\Desktop\OTL.exe [2011.04.27 11:20:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Symantec [2011.04.27 11:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011.04.27 11:07:40 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java [2011.04.27 00:30:57 | 000,000,000 | ---D | C] -- C:\Users\Louisa\AppData\Roaming\Malwarebytes [2011.04.27 00:30:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.27 00:30:43 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.04.25 23:43:04 | 000,000,000 | -H-D | C] -- C:\Users\Louisa\Desktop\Libyen [2011.04.17 21:42:42 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.17 21:42:39 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.17 21:42:13 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.17 21:42:11 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll [2011.04.17 21:41:42 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.17 21:41:20 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.17 21:41:20 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.17 21:41:19 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.17 21:41:18 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.17 21:41:18 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2011.04.17 21:41:17 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.17 21:41:04 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.17 21:41:00 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2011.04.17 21:40:59 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.14 20:30:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.04.14 20:28:59 | 000,000,000 | ---D | C] -- C:\Programme\iPod [3 C:\Users\Louisa\Desktop\*.tmp files -> C:\Users\Louisa\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.02 19:55:29 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.02 19:55:28 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.02 19:55:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.02 19:54:02 | 2145,452,032 | -HS- | M] () -- C:\hiberfil.sys [2011.05.02 19:25:05 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{CBD08F3E-BC02-4707-8AC6-C08B1E6EC2C0}.job [2011.04.27 23:58:01 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.04.27 13:07:41 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.27 13:06:59 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Louisa\Desktop\mbam-setup.exe [2011.04.27 12:11:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Louisa\Desktop\OTL.exe [2011.04.27 12:00:16 | 000,349,544 | ---- | M] () -- C:\Users\Louisa\Desktop\SymFix_1002-1.exe [2011.04.26 23:18:38 | 000,001,356 | -H-- | M] () -- C:\Users\Louisa\AppData\Local\d3d9caps.dat [2011.04.26 21:30:49 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~43966216r [2011.04.26 21:30:49 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~43966216 [2011.04.26 21:30:41 | 000,000,336 | -H-- | M] () -- C:\ProgramData\43966216 [2011.04.26 20:10:46 | 000,184,846 | -H-- | M] () -- C:\Users\Louisa\AppData\Roaming\nvModes.001 [2011.04.18 19:02:08 | 000,248,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.04.18 14:01:01 | 000,606,424 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.18 14:01:00 | 000,640,848 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.18 14:01:00 | 000,131,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.18 14:01:00 | 000,108,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.18 11:11:42 | 000,432,185 | -H-- | M] () -- C:\Users\Louisa\Desktop\Preu_DF_Agenda_202010.pdf [2011.04.18 10:48:34 | 001,754,832 | -H-- | M] () -- C:\Users\Louisa\Desktop\007_merkel-soziale gerechtigkeit.pdf [2011.04.14 20:32:01 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2011.04.14 20:30:30 | 000,001,669 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.04.14 20:19:43 | 000,000,629 | ---- | M] () -- C:\Windows\System32\mapisvc.inf [3 C:\Users\Louisa\Desktop\*.tmp files -> C:\Users\Louisa\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.27 13:07:41 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.04.27 11:59:19 | 000,349,544 | ---- | C] () -- C:\Users\Louisa\Desktop\SymFix_1002-1.exe [2011.04.26 23:20:03 | 2145,452,032 | -HS- | C] () -- C:\hiberfil.sys [2011.04.26 21:30:49 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~43966216r [2011.04.26 21:30:48 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~43966216 [2011.04.26 21:30:41 | 000,000,336 | -H-- | C] () -- C:\ProgramData\43966216 [2011.04.18 11:11:42 | 000,432,185 | -H-- | C] () -- C:\Users\Louisa\Desktop\Preu_DF_Agenda_202010.pdf [2011.04.18 10:48:34 | 001,754,832 | -H-- | C] () -- C:\Users\Louisa\Desktop\007_merkel-soziale gerechtigkeit.pdf [2011.04.14 20:32:01 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk [2011.04.14 20:30:30 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2011.04.14 20:19:43 | 000,000,629 | ---- | C] () -- C:\Windows\System32\mapisvc.inf [2011.02.16 16:24:15 | 000,172,032 | ---- | C] () -- C:\Windows\System32\binkw32.dll [2010.12.01 14:05:56 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.12.01 14:05:55 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.08.26 00:24:50 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.04.01 02:20:54 | 000,000,038 | ---- | C] () -- C:\Windows\wininit.ini [2009.11.19 13:19:19 | 000,000,087 | ---- | C] () -- C:\Windows\SIERRA.INI [2009.11.01 02:26:33 | 000,001,356 | -H-- | C] () -- C:\Users\Louisa\AppData\Local\d3d9caps.dat [2009.09.13 16:22:08 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2009.09.13 16:15:11 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2009.08.25 23:48:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.25 23:48:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.08.14 10:53:30 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssp4ml3.dll [2009.05.11 11:36:21 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.05.10 11:40:59 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2009.01.13 11:29:00 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2009.01.12 22:09:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2008.03.20 01:07:36 | 000,000,094 | -H-- | C] () -- C:\Users\Louisa\AppData\Local\fusioncache.dat [2008.02.28 13:31:59 | 000,000,214 | ---- | C] () -- C:\Windows\scummvm.ini [2008.02.16 02:04:53 | 000,184,846 | -H-- | C] () -- C:\Users\Louisa\AppData\Roaming\nvModes.001 [2008.02.16 00:37:02 | 000,010,240 | ---- | C] () -- C:\Users\Louisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.02.16 00:33:46 | 000,184,846 | -H-- | C] () -- C:\Users\Louisa\AppData\Roaming\nvModes.dat [2007.11.20 07:44:13 | 000,061,440 | ---- | C] () -- C:\Windows\StkUnist.exe [2007.11.15 10:57:38 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2007.10.16 10:23:25 | 000,053,248 | ---- | C] () -- C:\Windows\System32\ATGina.dll [2007.10.16 10:23:24 | 000,014,600 | ---- | C] () -- C:\Windows\System32\drivers\ATDrv.sys [2007.10.16 10:23:24 | 000,011,528 | ---- | C] () -- C:\Windows\System32\drivers\KBFilter.sys [2007.10.16 10:23:22 | 000,014,584 | ---- | C] () -- C:\Windows\System32\drivers\MLowCtl.sys [2007.10.15 16:56:56 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.10.05 22:06:44 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2007.10.05 12:12:48 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2006.11.02 17:33:31 | 000,640,848 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 17:33:31 | 000,131,668 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,248,776 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,606,424 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,108,760 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2010.08.02 15:57:58 | 000,000,000 | -H-D | M] -- C:\Users\Louisa\AppData\Roaming\Academic Software Zurich [2011.04.27 11:52:06 | 000,000,000 | ---D | M] -- C:\Users\Louisa\AppData\Roaming\Audacity [2010.11.30 15:26:52 | 000,000,000 | -H-D | M] -- C:\Users\Louisa\AppData\Roaming\Broken Sword 2.5 [2011.04.27 11:50:42 | 000,000,000 | ---D | M] -- C:\Users\Louisa\AppData\Roaming\Canon [2010.08.02 01:34:28 | 000,000,000 | -H-D | M] -- C:\Users\Louisa\AppData\Roaming\DVDVideoSoftIEHelpers [2011.04.27 11:52:06 | 000,000,000 | ---D | M] -- C:\Users\Louisa\AppData\Roaming\ICAClient [2011.02.09 13:41:09 | 000,000,000 | -H-D | M] -- C:\Users\Louisa\AppData\Roaming\ICQ [2011.01.01 17:41:31 | 000,000,000 | -H-D | M] -- C:\Users\Louisa\AppData\Roaming\Need for Speed World [2009.09.13 16:22:21 | 000,000,000 | ---D | M] -- C:\Users\Louisa\AppData\Roaming\Samsung [2009.08.11 01:01:40 | 000,000,000 | -H-D | M] -- C:\Users\Louisa\AppData\Roaming\TheLastRipper [2011.04.27 23:58:02 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.05.02 19:25:05 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{CBD08F3E-BC02-4707-8AC6-C08B1E6EC2C0}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B606BA34 < End of report > |
|
02.05.2011, 19:25
| #6 |
| | Festplatte beschädigt. Schwarzer Bildschirm. OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 02.05.2011 20:18:07 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Louisa\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 137,60 Gb Total Space | 37,46 Gb Free Space | 27,22% Space Free | Partition Type: NTFS
Computer Name: LOUISA-PC | User Name: Louisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{085EBB76-BD34-4E5C-ADE6-A59FB77FE0BF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{20EF3977-9A99-4D76-96F1-69BF6107A16C}" = lport=137 | protocol=17 | dir=in | app=system |
"{25DC2DA7-1A70-401E-95C4-16588BDACDAD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{39CC7A95-754C-49CC-8AB0-9CA561DD8799}" = rport=445 | protocol=6 | dir=out | app=system |
"{419ABE11-FDBB-4539-B72B-C1EE1D601A46}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{66AE29EA-5401-44FB-A3EC-FCD8F77DEDFD}" = rport=139 | protocol=6 | dir=out | app=system |
"{6A2DB1CF-0059-4792-8E95-B322394C4B01}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7EA742B9-3479-4434-BB3D-A140AB651547}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7FA380C6-5380-425B-975E-6A930F9FFC68}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8A7A557C-526C-48D4-818A-E09A0A50C76B}" = rport=138 | protocol=17 | dir=out | app=system |
"{9273A07D-B510-4584-95D1-1D5320223029}" = lport=2869 | protocol=6 | dir=in | app=system |
"{98381206-8CC1-4592-BB75-60ECA959F992}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BA7F3917-0C9E-418F-AAA8-F0E847DFE06D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C8B2BF9C-3C2A-4A1C-8AB3-052BCD1805A0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D12B4347-9D36-4EBA-AC3F-60863D9E25CF}" = lport=138 | protocol=17 | dir=in | app=system |
"{D3A8E24F-4761-423E-BD26-E4E6B2F67401}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{EEE35C88-4384-4BE7-8FF2-389B5846E349}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F18BDAF8-3ACE-4610-AF9D-4E10B2D552BF}" = lport=139 | protocol=6 | dir=in | app=system |
"{F655342D-A979-444B-A13D-86DAF1356526}" = rport=137 | protocol=17 | dir=out | app=system |
"{F6A8E882-BB05-45D8-BD73-1A700FE23F92}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19A0882E-2411-4949-BB4E-1050682B9795}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2646726F-2ADE-4BCC-B80A-ACC141DEEF2C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{43AA30DE-6A05-40EC-BDD5-50CA06F75611}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4615D4D5-24AE-4634-943E-6E80B1019A74}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{591E6C96-C5E4-40C4-9B87-7F1BAD49F0FA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AA1A3070-C0F1-4136-AC2B-92F1BCCAD2C2}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{C39380DB-B074-4D58-9244-A64722C67B19}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C6D08AF9-6EF3-4AC8-A401-EBC9777F84FE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D512292B-24E6-48AB-94C4-5D6D77C4FF56}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{EEB77915-FB78-404B-AC36-8D4BBF7E769B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{77C2C2B7-D9AF-4CA6-8A9F-EA332455880C}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{A30766E4-2CFC-4D2C-9AC0-A3F251825435}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{B2838EEE-F79A-4B1F-AAD5-6416F995D672}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{B5D3EAFD-2A24-44E7-ADB8-AD535B9796F1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{C28C28AF-30D3-4BC3-9DF4-A391BE60B0BE}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{D16058CA-E73A-4871-AB36-F743D4EEA71A}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{EC04232F-AA3A-454B-BF30-4E19C22AC5F1}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{060EBB9B-4D49-4CBB-B439-CF22ABD6E86E}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{481C1975-6ECE-4A3C-B0AF-FF51CC31181C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{6D3E57C2-6FD5-4583-AF03-BD75C6C52378}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{9658D156-0559-48DC-AE1A-E98ACDF7A7EF}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{AF76AFD1-31C6-4149-B904-0A923DB5F386}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{DE5F0A45-13E3-4023-8BFB-C49CFFC5BDE0}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{FA163DF6-F0FA-445D-B292-256A4D2A4346}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{121A64FD-6D62-40A1-BDE3-F9A590A2B96B}" = Vestel Installer Suite
"{23E8D2D6-F7C8-4A35-816C-6C914EE0A601}" = Citrix Presentation Server Client - Nur Web
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 24
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2E5F8579-12A8-4169-A3EC-688EC7004A00}" = AuthenTec Fingerprint Sensor Minimum Install
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3EBC0693-0A27-4B50-90A1-A8B688911C7A}" = Samsung PC Studio 3
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = USB2.0 1.3M WebCam
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{847CAE64-4CD2-4B2D-AF00-978FF5431031}" = Nero 7 Essentials
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{851367C1-2F9F-4087-B3E8-8DECFE328370}" = The Da Vinci Code
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client DE-DE Language Pack
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDC5BB96-49B4-4C4F-9E2F-B70D2A37C209}" = Böse Nachbarn 2 Demo XS
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E45B30C1-AE47-41E0-83C4-E3EB82688917}" = O2Micro Flash Memory Card Reader Driver Installer(x86)
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}" = Cisco Systems VPN Client 5.0.05.0290
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.17
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"00054 Mathematik für Wirtschaftswissenschaftler II" = 00054 Mathematik für Wirtschaftswissenschaftler II
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Broken Sword 2.5_is1" = Broken Sword 2.5
"Citavi" = Citavi 2.5
"DivX Setup.divx.com" = DivX-Setup
"Episode 104 - Abe Lincoln Must Die!" = Sam and Max - Season One - Episode 104 - Abe Lincoln Must Die!
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Gefeuert Demo" = Gefeuert Demo (remove only)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"NVIDIA Drivers" = NVIDIA Drivers
"PROSetDX" = Intel(R) PRO Network Connections 12.1.12.0
"RealPlayer 6.0" = RealPlayer
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"ScummVM_is1" = ScummVM 0.9.0
"SymSetupTemp.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tomb Raider - The Last Revelation" = Tomb Raider - The Last Revelation
"Tomb Raider III" = Tomb Raider III
"Uninstall_is1" = Uninstall 1.0.0.1
"USB2.0 1.3M WebCam" = USB2.0 1.3M WebCam
"VLC media player" = VLC media player 1.0.1
"Xvid_is1" = Xvid 1.1.3 final uninstall
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 24.04.2010 05:45:50 | Computer Name = Louisa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 24.04.2010 05:45:50 | Computer Name = Louisa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 24.04.2010 05:45:50 | Computer Name = Louisa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 24.04.2010 05:45:50 | Computer Name = Louisa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 24.04.2010 05:45:50 | Computer Name = Louisa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 24.04.2010 05:45:50 | Computer Name = Louisa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 24.04.2010 05:45:50 | Computer Name = Louisa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 24.04.2010 05:45:50 | Computer Name = Louisa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 25.04.2010 09:29:06 | Computer Name = Louisa-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.1.3726 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 1188 Anfangszeit: 01cae475516ca215 Zeitpunkt der Beendigung:
46
Error - 26.04.2010 15:24:00 | Computer Name = Louisa-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.1.3726 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 900 Anfangszeit: 01cae5730d494076 Zeitpunkt der Beendigung:
11
[ System Events ]
Error - 14.12.2009 09:37:22 | Computer Name = Louisa-PC | Source = HTTP | ID = 15016
Description =
Error - 14.12.2009 09:37:52 | Computer Name = Louisa-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 14.12.2009 12:14:03 | Computer Name = Louisa-PC | Source = HTTP | ID = 15016
Description =
Error - 14.12.2009 12:14:36 | Computer Name = Louisa-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 14.12.2009 19:12:36 | Computer Name = Louisa-PC | Source = HTTP | ID = 15016
Description =
Error - 15.12.2009 10:18:07 | Computer Name = Louisa-PC | Source = HTTP | ID = 15016
Description =
Error - 15.12.2009 10:18:42 | Computer Name = Louisa-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 15.12.2009 13:36:42 | Computer Name = Louisa-PC | Source = HTTP | ID = 15016
Description =
Error - 15.12.2009 13:37:20 | Computer Name = Louisa-PC | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Error - 16.12.2009 11:47:14 | Computer Name = Louisa-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 16.12.2009 um 01:02:37 unerwartet heruntergefahren.
< End of report >
|
|
02.05.2011, 19:25
| #7 |
| /// Malware-holic | Festplatte beschädigt. Schwarzer Bildschirm. poste alle Malwarebytes logs, malwarebytes öffnen logdateien.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
02.05.2011, 19:30
| #8 |
| | Festplatte beschädigt. Schwarzer Bildschirm. Einen vollständigen oder nur Quick-Scan? |
|
02.05.2011, 19:32
| #9 |
| /// Malware-holic | Festplatte beschädigt. Schwarzer Bildschirm. nö, hab ich was vom scan geschrieben, will die alten logs sehen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
02.05.2011, 19:33
| #10 |
| | Festplatte beschädigt. Schwarzer Bildschirm. Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: 6455 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 27.04.2011 16:30:08 mbam-log-2011-04-27 (16-30-07).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|) Durchsuchte Objekte: 294334 Laufzeit: 1 Stunde(n), 19 Minute(n), 13 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\COMPONENTS\PDFFORGETOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: PDFFORGETOOLBARFF.DLL -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\program files\pdfforge toolbar\FF\components\pdfforgetoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully. |
|
02.05.2011, 19:34
| #11 |
| | Festplatte beschädigt. Schwarzer Bildschirm. Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: 6455 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 27.04.2011 13:21:26 mbam-log-2011-04-27 (13-21-26).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 148255 Laufzeit: 13 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
02.05.2011, 19:49
| #12 |
| /// Malware-holic | Festplatte beschädigt. Schwarzer Bildschirm. sind das alle scans?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
02.05.2011, 19:52
| #13 |
| | Festplatte beschädigt. Schwarzer Bildschirm. Ja, wieso? Wieviele muss/soll ich denn machen? |
|
02.05.2011, 20:05
| #14 |
| /// Malware-holic | Festplatte beschädigt. Schwarzer Bildschirm. du sollst nicht mehr machen, ich wollte nur wissen obs alle sind... lade unhide: Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
02.05.2011, 21:02
| #15 |
| | Festplatte beschädigt. Schwarzer Bildschirm. Combofix Logfile: Code:
ATTFilter ComboFix 11-05-02.02 - Louisa 02.05.2011 21:23:00.1.2 - x86
ausgeführt von:: c:\users\Louisa\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Mozilla Firefox\extensions\searchsettings@spigot.com
c:\program files\pdfforge Toolbar\IE\1.1.2\pdFForgetoolbarie.dll
c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\users\Louisa\AppData\Roaming\Microsoft\Windows\Recent\ddv.tmp
c:\users\Louisa\AppData\Roaming\Microsoft\Windows\Recent\kernel32.tmp
c:\users\Louisa\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
c:\users\Louisa\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.tmp
c:\users\Louisa\AppData\Roaming\Microsoft\Windows\Recent\sld.tmp
c:\users\Louisa\AppData\Roaming\Microsoft\Windows\Recent\tjd.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-04-02 bis 2011-05-02 ))))))))))))))))))))))))))))))
.
.
2011-05-02 19:40 . 2011-05-02 19:40 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8979515-94B2-4BC3-A26F-13EF5BEDC9AD}\MpKsl70c19647.sys
2011-05-02 19:36 . 2011-05-02 19:44 -------- d-----w- c:\users\Louisa\AppData\Local\temp
2011-05-02 19:36 . 2011-05-02 19:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-02 17:36 . 2011-04-18 07:15 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8979515-94B2-4BC3-A26F-13EF5BEDC9AD}\mpengine.dll
2011-04-27 14:43 . 2011-02-02 19:40 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-04-27 14:43 . 2011-02-02 19:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-27 11:07 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-27 11:07 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-27 09:07 . 2011-04-27 09:07 -------- d-----w- c:\program files\Common Files\Java
2011-04-26 22:30 . 2011-04-26 22:30 -------- d-----w- c:\users\Louisa\AppData\Roaming\Malwarebytes
2011-04-26 22:30 . 2011-04-26 22:30 -------- d-----w- c:\programdata\Malwarebytes
2011-04-26 22:30 . 2011-04-27 11:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-17 19:42 . 2011-02-16 14:02 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-04-17 19:42 . 2011-02-16 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-17 19:42 . 2011-02-22 13:24 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-17 19:42 . 2011-02-22 13:24 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-17 19:42 . 2011-02-22 13:23 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-17 19:42 . 2011-02-22 13:23 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-17 19:42 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-17 19:42 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-04-17 19:40 . 2011-03-03 15:42 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-17 19:40 . 2011-03-03 10:50 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-04-14 18:28 . 2011-04-14 18:28 -------- d-----w- c:\program files\iPod
2011-04-13 19:27 . 2011-01-26 19:18 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C667591E-8484-4B01-B01B-DD83FA541541}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-18 07:15 . 2009-10-30 09:21 7071056 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-22 14:13 . 2011-03-24 09:18 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-24 09:18 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-24 09:18 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-18 14:36 . 2011-02-18 14:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 14:36 . 2011-02-18 14:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
------- Sigcheck -------
.
[7] 2010-08-17 . AAE98B295E88D439A6E0F6E8929424FB . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.22468_none_d882e000d7f61b4c\spoolsv.exe
[-] 2010-08-17 . 8554097E5136C3BF9F69FE578A1B35F4 . 128000 . . [6.0.6000.16386] . . c:\windows\System32\spoolsv.exe
[-] 2010-08-17 . 8554097E5136C3BF9F69FE578A1B35F4 . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18294_none_d7d4d063bef46cd2\spoolsv.exe
[7] 2010-08-17 . 3665F79026A3F91FBCA63F2C65A09B19 . 126464 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18511_none_d641dcfdc18fec21\spoolsv.exe
[-] 2010-08-17 . E807FC542C295BA256CE3567829E02A6 . 128000 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.22743_none_d6ad0c7edac40f93\spoolsv.exe
[7] 2009-04-11 . 524BFBEA40E6E404737CCBC754647A2E . 127488 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18005_none_d8371c2dbeaa9062\spoolsv.exe
[-] 2008-01-19 . 846CDF9A3CF4DA9B306ADFB7D55EE4C2 . 125952 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe
[7] 2006-11-02 . DA612EF2556776DF2630B68BF2D48935 . 124928 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6000.16386_none_d414e125c49db442\spoolsv.exe
.
[-] 2009-04-11 . 95DAECF0FB120A7B5DA679CC54E37DDE . 592896 . . [6.0.6001.18000] . . c:\windows\System32\netlogon.dll
[-] 2009-04-11 . 95DAECF0FB120A7B5DA679CC54E37DDE . 592896 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[7] 2008-01-19 . A8EFC0B6E75B789F7FD3BA5025D4E37F . 592384 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[7] 2006-11-02 . 889A2C9F2AACCD8F64EF50AC0B3D553B . 559616 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
.
[-] 2009-04-11 . 8FC182167381E9915651267044105EE1 . 177152 . . [6.0.6000.16386] . . c:\windows\System32\scecli.dll
[-] 2009-04-11 . 8FC182167381E9915651267044105EE1 . 177152 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
[7] 2008-01-19 . 28B84EB538F7E8A0FE8B9299D591E0B9 . 177152 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[7] 2006-11-02 . 80E2839D05CA5970A86D7BE2A08BFF61 . 176640 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
.
[7] 2010-04-16 . E609A492AD596187CEA24E8418FF082F . 502784 . . [1.0626.6002.22384] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6002.22384_none_af1813076efd8bc3\usp10.dll
[-] 2010-04-16 . 80FFF14F1757B9AF8BE9D314FC1AE88B . 502272 . . [1.0626.6002.18244] . . c:\windows\System32\usp10.dll
[-] 2010-04-16 . 80FFF14F1757B9AF8BE9D314FC1AE88B . 502272 . . [1.0626.6002.18244] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6002.18244_none_aeb9b5ec55bf7c35\usp10.dll
[7] 2010-04-16 . 8CB1162DD3586683D71BCB303C1FF54F . 502272 . . [1.0626.6001.22672] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6001.22672_none_ad3a707771d0e800\usp10.dll
[7] 2010-04-16 . A23E4692716C25E5AEA300ED74E73A1C . 501760 . . [1.0626.6001.18461] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6001.18461_none_acbaa16858ac15c7\usp10.dll
[7] 2009-04-11 . 5A8E28037289FCCBF7AD3FC57DF7048F . 502272 . . [1.0626.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6002.18005_none_aee5f21a559e2b7a\usp10.dll
[7] 2008-01-19 . 3122DAF86B33ED8AC4662D07593025D7 . 501760 . . [1.0626.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6001.18000_none_acfa790e587c602e\usp10.dll
[7] 2006-11-02 . 456FB859236C9074ACF6C3B6243D8B46 . 502784 . . [1.0626.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.0.6000.16386_none_aac3b7125b914f5a\usp10.dll
.
[7] 2010-11-06 . 7B587B8A6D4A99F79D2902D0385F29BD . 603648 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6001.18551_none_2ecc18bd972a0f87\schedsvc.dll
[7] 2010-11-05 . 4B71C228530440F853F9C30E308F00E9 . 604672 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6001.22791_none_2f2a77beb0681c3c\schedsvc.dll
[-] 2010-11-05 . 38AE0400578FD396628F21A571473A3B . 602112 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6002.22519_none_316f6d3cad4659b7\schedsvc.dll
[-] 2010-11-04 . 1A58069DB21D05EB2AB58EE5753EBE8D . 601600 . . [6.0.6001.18000] . . c:\windows\System32\schedsvc.dll
[-] 2010-11-04 . 1A58069DB21D05EB2AB58EE5753EBE8D . 601600 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6002.18342_none_30be5cc194475f38\schedsvc.dll
[7] 2009-04-11 . 323AE0BDFD2EB15B668DDA50CC597329 . 595456 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6002.18005_none_30ec979d94244404\schedsvc.dll
[-] 2008-05-16 . 886CEC884B5BE29AB9828B8AB46B11F7 . 595456 . . [6.0.6000.16609] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.16609_none_2d23e28599d3cbd6\schedsvc.dll
[7] 2008-05-16 . BF17DA9F25A4F84C2577AC13EE126CB7 . 595968 . . [6.0.6000.20734] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.20734_none_2d880e1ab30e40c0\schedsvc.dll
[7] 2008-01-19 . 1D5E99DB3C10F4FA034010DC49043CA4 . 596992 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6001.18000_none_2f011e91970278b8\schedsvc.dll
[-] 2006-11-02 . 5C72614E6625D39CC1504BF078FDC4CA . 595456 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.0.6000.16386_none_2cca5c959a1767e4\schedsvc.dll
.
[-] 2008-01-19 . 03D50B37234967433A5EA5BA72BC0B62 . 155648 . . [6.0.6000.16386] . . c:\windows\System32\ssdpsrv.dll
[-] 2008-01-19 . 03D50B37234967433A5EA5BA72BC0B62 . 155648 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-upnpssdp_31bf3856ad364e35_6.0.6001.18000_none_7fc972ebd13849b5\ssdpsrv.dll
[7] 2006-11-02 . 8D3E4BAFF8B3997138C38EB1B600519A . 155136 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-upnpssdp_31bf3856ad364e35_6.0.6000.16386_none_7d92b0efd44d38e1\ssdpsrv.dll
.
[-] 2008-01-19 . 7A5F8218325F00396DAEA2F985FA0ECB . 18944 . . [6.0.6001.18000] . . c:\windows\System32\ias.dll
[-] 2008-01-19 . 7A5F8218325F00396DAEA2F985FA0ECB . 18944 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.0.6001.18000_none_f900daa442864318\ias.dll
[-] 2008-01-19 . 7A5F8218325F00396DAEA2F985FA0ECB . 18944 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.0.6002.18005_none_faec53b03fa80e64\ias.dll
[7] 2006-11-02 . D7657856319941907BBDC2A11713CFD7 . 17408 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.0.6000.16386_none_f6ca18a8459b3244\ias.dll
.
[-] 2008-01-19 . FA2A3AFADC4FB47DBC234A4E57F92CDB . 522752 . . [6.0.6000.16386] . . c:\windows\System32\ddraw.dll
[-] 2008-01-19 . FA2A3AFADC4FB47DBC234A4E57F92CDB . 522752 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.0.6001.18000_none_0505a2ecc0013ebd\ddraw.dll
[7] 2006-11-02 . 29EF7A2EE634DD701571E781DE5E7E91 . 528384 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.0.6000.16386_none_02cee0f0c3162de9\ddraw.dll
.
[-] 2009-04-11 . 5DE7D67E49B88F5F07F3E53C4B92A352 . 453120 . . [6.0.6000.16386] . . c:\windows\System32\wiaservc.dll
[-] 2009-04-11 . 5DE7D67E49B88F5F07F3E53C4B92A352 . 453120 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6002.18005_none_347fb41db0752753\wiaservc.dll
[-] 2008-01-19 . 7DD08A597BC56051F320DA0BAF69E389 . 452608 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6001.18000_none_32943b11b3535c07\wiaservc.dll
[7] 2006-11-02 . A941E099EF46E3CC12F898CBE1C39910 . 451584 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-w..sition-coreservices_31bf3856ad364e35_6.0.6000.16386_none_305d7915b6684b33\wiaservc.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-06 869936]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-01 4702208]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-04-25 174872]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2007-01-19 2498560]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-25 107112]
"IS CfgWiz"="c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2006-10-24 46728]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-27 22696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-16 185872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-08-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-16 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-16 81920]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-07 974848]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader - Schnellstart.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Anti-Theft Sensor.lnk - c:\program files\Vestel\Vestel Mobile Utilities\Anti-Theft Sensor\atapp.exe [2007-10-16 434176]
Mobile Utility Button.lnk - c:\program files\Vestel\Vestel Mobile Utilities\Mobile Utility Button\Mobutil.exe [2007-10-16 630784]
On Screen Display.lnk - c:\program files\Vestel\Vestel Mobile Utilities\On Screen Display\OSD.EXE [2007-10-16 753664]
VPN Client.lnk - c:\windows\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico [2009-5-11 6144]
Wiederherstellung.lnk - c:\sources\OEM\Recovery\user\delayrun.vbs [2007-10-5 268]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl218ba8ed;MpKsl218ba8ed;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8979515-94B2-4BC3-A26F-13EF5BEDC9AD}\MpKsl218ba8ed.sys [x]
R1 MpKsl5e8e77eb;MpKsl5e8e77eb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C5D46FE3-9BA1-4FA6-B9B4-25BD6D2D7878}\MpKsl5e8e77eb.sys [x]
R1 MpKsle039be93;MpKsle039be93;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6238A52-21E5-4969-B7F1-75040F047DB5}\MpKsle039be93.sys [x]
R1 MpKsle07b449a;MpKsle07b449a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8979515-94B2-4BC3-A26F-13EF5BEDC9AD}\MpKsle07b449a.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 cpuz128;cpuz128;c:\users\ADMINI~1\AppData\Local\Temp\cpuz_x32.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 KBFilter;KeyBoard Filter driver;c:\windows\system32\DRIVERS\KBFilter.sys [2007-03-26 11528]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2006-11-20 38400]
S1 ATDrv;Antitheft Driver;c:\windows\system32\DRIVERS\ATDrv.sys [2007-03-26 14600]
S1 MLowCtl;Low Control Driver;c:\windows\system32\DRIVERS\MLowCtl.sys [2007-08-28 14584]
S1 MpKsl70c19647;MpKsl70c19647;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8979515-94B2-4BC3-A26F-13EF5BEDC9AD}\MpKsl70c19647.sys [2011-05-02 28752]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-11-08 194240]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2006-12-10 24576]
S3 acpihid;Intel ACPI-to-HID Mapper Driver;c:\windows\system32\DRIVERS\acpihid.sys [2007-05-31 22912]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2006-12-20 35968]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2007-01-19 1324544]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - COMHOST
*NewlyCreated* - IPNAT
*NewlyCreated* - MPKSL70C19647
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-02 c:\windows\Tasks\User_Feed_Synchronization-{CBD08F3E-BC02-4707-8AC6-C08B1E6EC2C0}.job
- c:\windows\system32\msfeedssync.exe [2008-06-20 07:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to Mp3 Converter - c:\users\Louisa\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} - hxxp://f009.mail.lycos.de/app/uploader/FileUploader.cab
FF - ProfilePath - c:\users\Louisa\AppData\Roaming\Mozilla\Firefox\Profiles\htzcfom3.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Samsung Mobile phone USB driver - c:\users\Louisa\Desktop\SSSDUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-02 21:44
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\O2Micro\o2flash.exe
c:\windows\RtHDVCpl.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-02 22:00:57 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-05-02 20:00
.
Vor Suchlauf: 12 Verzeichnis(se), 49.220.042.752 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 53.950.595.072 Bytes frei
.
- - End Of File - - F9437FCA47EED388351FA8FAC5C8B353
|
|
| Themen zu Festplatte beschädigt. Schwarzer Bildschirm. |
| beschädigte, bildschirm, dateien, daten, desktop, festplatte, festplatten, gefahr, hallo zusammen, ide, leer, meldung, ordner, platte, plötzlich, problem, recovery, schonmal, schwarz, schwarzer bildschirm, system, systemwiederherstellung, trojaner, windows, zusammen |
Linear-Darstellung
